ROUTER VULNERABILITY PRESENT FOR A DECADE: WHY IOT SUPPLY CHAIN IS TO BLAMEROUTER VULNERABILITY PRESENT FOR A DECADE: WHY IOT SUPPLY CHAIN IS TO BLAME 2 INTRODUCTION In April 2021, Tenable disclosed multiple vulnerabilities in a series of Buffalo consumer routers, marketed and sold in Japan. During the disclosure process, it became apparent that one of the vulnerabilities, CVE- 2021-20090, a path traversal/authentication bypass flaw, was not unique to the Buffalo series of routers, but was instead a vulnerability in the underlying Arcadyan software. Though we don’t know the exact relationship between Buffalo and Arcadyan, we do know that Arcadyan manufactured the devices in question, and appear to be the source of the firmware which the devices run. Consequently, the vulnerability af

Join for free to read